US10477151B2 - Method and apparatus for supporting multiple broadcasters independently using a single conditional access system - Google Patents
- Publication number: US10477151B2
- Authority: US (United States)
- Prior art keywords: receiver module, encrypted, pairing key, information, key
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Definitions
- Flaharty filed Jul. 13, 2007, now issued as U.S. Pat. No. 8,243,925, which is a national phase application of International Patent application No.: PCT/US2005/037197, entitled “METHOD AND APPARATUS FOR SUPPORTING MULTIPLE BROADCASTERS INDEPENDENTLY USING A SINGLE CONDITIONAL ACCESS SYSTEM,” by Ronald P. Cocchi, Gregory J. Gagnon, and Dennis R. Flaharty, filed Oct. 18, 2005, which claims benefit of U.S. Provisional Patent Application No. 60/619,663, entitled “METHOD OF SUPPORTING MULTIPLE BROADCASTERS INDEPENDENTLY USING A SINGLE CONDITIONAL ACCESS SYSTEM,” by Ronald P. Cocchi, Gregory J. Gagnon, and Dennis R. Flaharty, filed Oct. 18, 2004, all of which applications are hereby incorporated by reference herein.
- the present invention relates to systems and methods for providing conditional access to media programs, and in particular to a system and method for providing for such conditional access between multiple independent broadcasters and a plurality of customers using a single conditional access system.
- although subscriber-based services are readily available in some areas, they are not available on a world-wide basis.
- subscribers are typically offered services from a small number of providers (e.g. DIRECTV or ECHOSTAR, or the approved local cable provider), each of which typically provides a large number of media channels from a variety of sources (e.g. ESPN, HBO, COURT TV, HISTORY CHANNEL).
- each service provider typically encrypts the program material and provides equipment necessary for the customer to decrypt them so that they can be viewed.
- the present invention discloses a method, apparatus, and article of manufacture for brokering the enabling of communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers, each encrypted media program decryptable by a first receiver module securely communicating with a second receiver module according to a pairing key associated with one of the plurality of receivers.
- the method comprises the steps of transmitting a service enabling request from one of the plurality of broadcasters to a broker independent from the one of the plurality of broadcasters, the request comprising an identification of the one of the plurality of receivers; receiving a first encrypted version of the pairing key $E_{S_1}[K_p]$ from the broker, the first encrypted version of the pairing key $E_{S_1}[K_p]$ decryptable by first information $S_1$ securely stored in the first receiver module of the one of the plurality of receivers; generating a second encrypted version of the pairing key $K_p$, the second encrypted version of the pairing key $E_{S_2}[K_p]$ decryptable by second information $S_2$ securely stored in the second receiver module; and transmitting the first encrypted version of the pairing key $E_{S_1}[K_p]$ and the second encrypted version of the pairing key $E_{S_2}[K_p]$ to the one of the plurality of receivers.
- the apparatus is described by a system for brokering the enabling of communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers, each encrypted media program decryptable by a first receiver module securely communicating with a second receiver module according to a pairing key $K_p$ associated with one of the plurality of receivers.
- the system comprises a broker, for providing a first encrypted version of the pairing key $E_{S_1}[K_p]$ in response to a service enabling request from one of the plurality of broadcasters, the service request having an identification of one of the plurality of receivers, wherein the first encrypted version of the pairing key $E_{S_1}[K_p]$ is decryptable by first information $S_1$ stored in the first receiver module.
- at least one of the first information $S_1$ and the second information $S_2$ may be derived from a hardware root of trust stored in at least one of the first receiver module and the second receiver module.
- FIG. 1 is a diagram illustrating a media program distribution system
- FIG. 2 is a diagram of a typical subscriber station
- FIG. 3 is a diagram illustrating a multiple broadcaster media program distribution system
- FIGS. 4A-4D are diagrams illustrating one embodiment of how the pairing system cooperatively operates with multiple service providers and equipment at the subscriber stations to implement a conditional access system
- FIG. 5A is a diagram illustrating one embodiment of the service provider
- FIG. 5B is a diagram illustrating an embodiment of a table stored in the pairing system
- FIG. 5C is a diagram illustrating an embodiment of a table stored by the service provider
- FIG. 6 is a diagram illustrating one embodiment of the STB
- FIG. 7 is a diagram illustrating an exemplary embodiment of the transport module and the CAM.
- FIG. 8 is a diagram of a computer that can be used to implement selected modules.
- FIG. 1 is a diagram illustrating a media program distribution system 100.
- the system 100 includes a plurality of service providers (hereinafter alternatively referred to as broadcasters) 102, including a first service provider 102A that broadcasts media programs from a satellite broadcast facility 152A via one or more uplink antennas and one or more satellites 156, a second service provider 102B that broadcasts media programs from terrestrial broadcast facility 152B and one or more terrestrial antennas 164, and a third service provider 102C that broadcasts media programs via a cable link 160.
- the system 100 also comprises a plurality of subscriber stations 104A, 104B (alternatively referred to hereinafter as subscriber station 104), each providing service to one or more subscribers 112A, 112B (alternatively referred to hereinafter as subscribers 112).
- Each subscriber station 104A, 104B may include a satellite reception antenna 106A, 106B (alternatively referred to hereinafter as satellite reception antenna 106) and/or a terrestrial broadcast antenna 108A, 108B (alternatively referred to hereinafter as terrestrial broadcast antenna 108) communicatively coupled to a receiver 110A, 110B (alternatively referred to hereinafter as receiver 110), which is also known as a set top box (STB) or an integrated receiver/decoder (IRD).
- each receiver 110A, 110B (or at least, each conditional access system used with each receiver) is capable of receiving subscriber-based media programs from only one of the media program providers 102.
- the subscriber may not only need to have multiple receivers 110 at the subscriber station 104A, but will also require multiple conditional access systems.
- FIG. 2 is a diagram of a typical subscriber station 104.
- Each station 104 includes at least one receiver or STB 110, which itself includes a transport module 202 that communicates with a conditional access module (CAM) 206.
- the CAM 206 is a smart card that is removably communicatively coupleable to the transport module 202 and hence, the STB 110.
- the CAM 206 is a device such as a chip or a collection of devices that are physically integrated with the STB 110 and irremovable.
- the service providers typically encrypt the media program M with a control word CW, thus producing an encrypted program $E_{CW}[M]$, and transmit the encrypted media program $E_{CW}[M]$ and an encrypted version of the control word $E[CW]$ to the receiver 110.
- the receiver 110 receives both the encrypted program $E_{CW}[M]$ and the encrypted control word $E[CW]$.
- the transport module 202 analyzes the incoming data stream and passes the encrypted control word $E[CW]$ to the CAM 206, which decrypts the control word CW and returns the decrypted control word CW to a security module 204 or similar device in the transport module 202.
- the security module 204 uses the control word CW to decrypt the encrypted media program $E_{CW}[M]$ to produce the media program M for presentation to the subscriber.
- This system assures that only those who are in possession of a valid CAM 206 can receive and decode media programs. However, it does not prevent the use of the CAM 206 in any other STB 110. Hence, if the CAM 206 is compromised or duplicated, unauthorized access to media programs is possible.
- FIG. 3 is a diagram illustrating a multiple broadcaster Conditional Access Subscriber Administration System (CASAS) 200.
- the CASAS 200 is similar to that which is disclosed in FIG. 1, but includes a pairing broker 304, which can communicate with the broadcast facilities 152 via a communications medium 302 such as the Internet.
- FIGS. 4A-4D are diagrams illustrating one embodiment of how the pairing broker 304 cooperatively operates with multiple service providers 102 and equipment at the subscriber stations 104 to implement a conditional access system.
- FIGS. 4A-4D will be described in connection with and with reference to FIGS. 5 and 6, which illustrate one embodiment of the service provider 102 elements and STB 110 elements, respectively.
- FIG. 4A begins with a potential customer 112 who has decided to subscribe to a media program service offered by a service provider 102. To do so, the subscriber contacts the service provider 102 and transmits information sufficient to identify the STB and the CAM to the service provider 102, as shown in block 402.
- this information includes an STB 110 unique identifier (ID) (such as a serial number or other designation) and a CAM 206 unique identifier (CAM ID). In a preferred embodiment, this is accomplished by transmitting the information via the Internet 302 or similar network.
- the subscriber's web browser can include the appropriate references to the URL where the request and STB ID and CAM ID should be transmitted.
- in addition to the STB ID, the potential subscriber also transmits his/her credit card information (e.g. the account number). This allows for services to be automatically billed for monthly subscription fees without further interaction.
- Credit card payment administration can be performed by the service provider 102 or by a third party such as PAYPAL. These functions can be performed by the subscriber administration module (SAM) 504.
- the SAM 504 can also comprise or be integrated with a customer relationship management (CRM) system or systems. If access is approved (e.g. if the supplied credit card information has been verified), the subscriber administration module 504 directs the web transaction module 502 to request a pairing key $K_p$ from the pairing broker 304.
- the potential customer 112 can contact the service provider 102 via telephone or other means and provide the service request, STB ID, and CAM ID.
- the pairing broker 304 can receive the service request (preferably via an appropriate Internet interface) and forward the request for service and the appropriate identifying information to the service provider 102.
- the service provider 102 receives the service request and the identifying information, as shown in block 404.
- the service provider 102 then transmits an enabling service request and the STB ID to the pairing broker 304, as shown in block 408.
- the pairing broker 304 receives the service enabling request and the STB ID.
- a first encrypted version of a pairing key $K_p$ is then provided.
- the pairing key $K_p$ was generated either by the service provider 102, as shown in block 406, or, preferably, by the pairing broker 304, as shown in block 406′.
- the first encrypted version of the pairing key $K_p$ is provided so as to be decryptable using first information $S_1$ securely stored in a first receiver module such as the transport module 202 shown in FIG.
- (the first encrypted version of the pairing key $K_p$ therefore described as $E_{S_1}[K_p]$). In one embodiment, this is accomplished by use of a secret that is known to the pairing broker 304, but unknown to the service provider 102.
- the STB IDs and related first information $S_1$ can be stored in a table or a database 514 in the pairing broker 304. If desired, the related first encrypted versions of the pairing key $E_{S_1}[K_p]$ can be stored as well.
- the first encrypted version of the pairing key $E_{S_1}[K_p]$ is transmitted to the service provider 102. If the pairing key $K_p$ was generated by the pairing broker 304, the pairing key $K_p$ is also transmitted to the service provider 102. One or both of the first encrypted version of the pairing key $E_{S_1}[K_p]$ and the pairing key $K_p$ can be securely transmitted to the service provider 102 via a shared secret, a private key, or a public/private key security paradigm, if desired.
- the foregoing process can be used to request all services from a service provider with a single pairing key $K_p$ or repeated to request other services from the service provider 102, with each service enabled and controlled via a different pairing key $K_p$.
- the service provider 102 may provide both general services (e.g. access to a number of channels as a part of a baseline fee service) and pay-per-view services (e.g. access to a particular program or set of programs on a pay-per-view basis).
- the foregoing process can be repeated for those services, resulting in the provision of a first encrypted version of a different pairing key for each service.
- the system 200 has the ability to store credit information in the security module 204, CAM 206, or elsewhere, and can therefore limit the amount of IPPV events the subscriber can purchase prior to requesting additional credits.
- the potential subscriber 112 can repeat this process for each service provider 102 from which they wish to receive service.
- FIG. 5B is a diagram showing a table that might be used to store and relate the STB ID to first information $S_1$, a service provider 102 identifier (BDCST ID), and pairing keys for general services, IPPV, and multiple OPPV services.
- the service provider 102 receives the first encrypted version of the pairing key $K_p$, and generates a second encrypted version of the pairing key $K_p$ such that it is decryptable by second information $S_2$ securely stored in a second receiver module such as the conditional access module 206 (the second encrypted version of the pairing key $K_p$ therefore described as $E_{S_2}[K_p]$).
- the service provider 102 can store a table or database relating STB IDs and the pairing keys $K_p$ for each of the provided services.
- FIG. 5C is an example of how such information may be stored. Note that the BRDCST ID column is not necessary in this case, because the identity of the service provider 102 is inherently known.
- the service provider 102 transmits an entitlement control message (ECM) or an entitlement management message (EMM) to the subscriber station.
- the ECM is transmitted to the STB 110 in response to a subscriber request for access to general media programs from the service provider 102 , while the EMM is transmitted in response to a subscriber request for a specific program (e.g. an impulse or order ahead pay-per-view).
- the ECM/EMM includes the first encrypted version of the applicable pairing key E S 1 [K p ], the second encrypted version of the pairing key E S 2 [K p ], and the ID of the service provider 102 (BRDCST ID) which is providing the services related to the pairing key K p .
- This transmission can be accomplished via the same system used to transmit the media program M itself, or a different communication system such as the Internet or a public switched telephone network (PSTN) or cellphone network.
- the transport module 202 receives the first encrypted version of the pairing key E S 1 [K p ] and the second encrypted version of the pairing key E S 2 [K p ], and the service provider ID.
- the second encrypted version of the pairing key E S 2 [K p ] is provided to the conditional access module 310 , where it is received, decrypted (using the second information S 2 ) to obtain the pairing key K p which is stored (along with a reference to the service provider ID (BRDCST ID) from which the pairing key K p was received), as shown in blocks 428 and 430 .
- the first encrypted version of the pairing key E S 1 [K p ] is decrypted and stored in the transport module 202 (also along with a reference to the service provider ID from which the pairing key K p was received), as shown in block 432 .
- FIG. 6 shows an exemplary embodiment of how the data relating services, broadcasters, and pairing keys K p might be stored in the transport module and the conditional access module.
- the pairing key K p is used to encrypt communications between the conditional access module 206 and the transport module 202 .
- the conditional access module 206 cannot be used a different STB 110 , although if desired, more than one STB 110 can be provided to a customer, each having the same first information the conditional access module to be used with different STBs 110 in the same household.
- the broadcast module 506 and/or the broadcast headend 516 encrypts media programs M 510 according to a control word (CW), encrypts the control word (CW) itself, and broadcasts a program stream comprising the encrypted program material E_CW[M] and the encrypted control word E[CW] to the STBs 104, as shown in blocks 450, 452 and 454.
- the program stream may also comprise program guide information from the program guide module 508.
- the transport module 202 in the STB 110 receives the program stream, separates out the packets of information by channel (typically according to a packet ID), and provides the encrypted control word E[CW] to the conditional access module 206.
- the conditional access module 206 receives the encrypted control word E[CW], decrypts it to recover the control word (CW), encrypts the control word (CW) with the pairing key K_p, and provides the control word encrypted with the pairing key, E_Kp[CW], to the transport module 202, as shown in blocks 460-466.
- the transport module 202 decrypts the encrypted control word E_Kp[CW] using the pairing key K_p, thus recovering the control word (CW), as shown in block 472, and uses the decrypted control word (CW) to decrypt the encrypted media program E_CW[M] to produce the media program M, as shown in block 474.
- the foregoing system can be used to modify or change the provision of services from the service provider 102 as well. This can be accomplished by the service provider 102 deleting, adding, or modifying the pairing keys K_p in cooperation with the pairing broker 304 in essentially the same way as described above. Such modification can occur at the subscriber's behest (e.g. the subscriber desires either more, less, or different services than previously), or that of the service provider 102 (e.g. if the offered services change or the subscriber's credit card is no longer valid).
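The exchange described above, as an added Python sketch that is not part of the patent: K_p is delivered as E_S1[K_p] and E_S2[K_p], the CAM re-wraps CW under K_p, and a transport module holding a different K_p rejects the result. The cipher is a toy HMAC-SHA256 encrypt-then-MAC stand-in, and the class names, the ECM key protecting E[CW] and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the real scrambling cipher."""
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """E_key[plaintext], laid out as nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; a wrong key raises ValueError."""
    if len(blob) < 44:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or altered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Module:
    """State common to the transport module (secret S1) and the CAM (secret S2)."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pairing_keys = {}  # BRDCST ID -> K_p, one entry per service provider

    def load_pairing_key(self, brdcst_id: int, encrypted_kp: bytes) -> None:
        self._pairing_keys[brdcst_id] = unseal(self._secret, encrypted_kp)


class ConditionalAccessModule(Module):
    def __init__(self, s2: bytes, ecm_key: bytes):
        super().__init__(s2)
        self._ecm_key = ecm_key  # assumption: the key under which E[CW] is sent

    def rewrap_control_word(self, brdcst_id: int, e_cw: bytes) -> bytes:
        cw = unseal(self._ecm_key, e_cw)                 # E[CW] -> CW
        return seal(self._pairing_keys[brdcst_id], cw)   # CW -> E_Kp[CW]


class TransportModule(Module):
    def descramble(self, brdcst_id: int, e_kp_cw: bytes, e_cw_m: bytes) -> bytes:
        cw = unseal(self._pairing_keys[brdcst_id], e_kp_cw)  # E_Kp[CW] -> CW
        return unseal(cw, e_cw_m)                            # E_CW[M] -> M


def pair(s1: bytes, s2: bytes, brdcst_id: int, ecm_key: bytes):
    """Issuer side: one fresh K_p, wrapped once for each module of the pair."""
    kp = secrets.token_bytes(16)
    stb, cam = TransportModule(s1), ConditionalAccessModule(s2, ecm_key)
    stb.load_pairing_key(brdcst_id, seal(s1, kp))  # E_S1[K_p]
    cam.load_pairing_key(brdcst_id, seal(s2, kp))  # E_S2[K_p]
    return stb, cam


def run_exchange():
    brdcst_id = 0x0102                      # constructed BRDCST ID
    ecm_key = secrets.token_bytes(16)
    stb_a, cam_a = pair(secrets.token_bytes(16), secrets.token_bytes(16), brdcst_id, ecm_key)
    stb_b, _ = pair(secrets.token_bytes(16), secrets.token_bytes(16), brdcst_id, ecm_key)

    # Headend: scramble the program with CW and send CW protected as E[CW].
    cw = secrets.token_bytes(16)
    program = b"constructed media payload"
    e_cw_m, e_cw = seal(cw, program), seal(ecm_key, cw)

    e_kp_cw = cam_a.rewrap_control_word(brdcst_id, e_cw)
    paired_ok = stb_a.descramble(brdcst_id, e_kp_cw, e_cw_m) == program

    # CAM A plugged into STB B: STB B holds a different K_p for this broadcaster.
    try:
        stb_b.descramble(brdcst_id, e_kp_cw, e_cw_m)
        moved_cam_rejected = False
    except ValueError:
        moved_cam_rejected = True
    return paired_ok, moved_cam_rejected
```
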
- the modules described above can be implemented as one or more software modules comprising instructions being performed by one or more special or general purpose processors, or may be implemented with hardware modules having dedicated circuitry, or with both hardware and software modules.
- the pairing broker 304 is implemented by a pairing server
- the program guide module 508 , broadcast module 506 , subscriber administration module 504 and web transaction module 502 are all implemented as servers
- the transport module 202 and security module 204 are implemented in a secure, tamperproof electronic circuit
- the conditional access module is implemented on a smart card.
- the system and method described above uses unique secrets S1 and S2 programmed into the transport module 202 and CAM 206.
- the unique secrets S1 and S2 can be derived from a hardware root of trust that is programmed into the device itself.
- the transport module 202 or CAM may be at least partially implemented using System-on-Chip (SoC) architectures that permit hardware root of trust values to be programmed into the SoC at the SoC manufacturing site using black-box techniques.
- SoC programming can also occur at the packaging or product manufacturing facility by execution of an in-field programming sequence on the SoC.
- a security provider independent architecture can support multiple concurrent or serial CAS and DRM implementations using a single black box programming security platform with limited One Time Programming (OTP) resources to store secrets representing the hardware root of trust that are used to derive the S1 and S2 values.
- security providers may use black box OTP resources as the basis to derive security keys to enable different security schemes by altering the key generation inputs based on CAS and DRM vendor software and possibly vendor unique OTP inputs.
- the key generation inputs can be provided in the CAS and DRM application that could be loaded at CE device manufacturing or downloaded over the air for a fielded CE device.
- Key derivation can be accomplished in a number of ways, for example, by taking the black box programmed secret OTP keys, the CAS/DRM vendor (security provider) software input and possibly CAS/DRM vendor unique OTP values, and combining them in a series of cryptographic calculations using AES, DES or Triple DES, where the black box programmed secret OTP keys are used as the key and the software input and CAS/DRM vendor unique OTP values are the data in the cryptographic operation.
- the SoC can derive unique key outputs for each CAS and DRM security provider used for a given content provider or broadcaster.
- CAS unique inputs such as their assigned conditional access identifier (CA ID) may be used to differentiate derived keys for different conditional access systems, CAS1 versus CAS2.
- These security provider unique key generation outputs enable support for multiple security providers for fielded CE devices typically found in STBs 110, televisions (TVs), Smart TVs and mobile devices such as smartphones.
- the black box security provider provides compatible headend applications to each content provider, so that the media programs are encrypted or otherwise protected using the CAS and DRM implementation used.
- Another advantage of using a derived key database is that the black box programmed OTP key secrets programmed into the SoC OTP do not have to be divulged to the multiple CAS and DRM security providers, since these security providers would use the derived key databases for their content protection systems, not the OTP value. This means that if a derived key database were compromised, it only affects the specific CAS/DRM security provider that was using that specific derived key database, i.e. such compromise would not affect the fielded CE devices or derived key databases of any other such CAS/DRM security provider.
- the keys and programming infrastructure provided by an independent black box security provider enable fielded CE devices to add additional revenue-bearing applications for the CE device manufacturer or content provider, giving these entities more flexibility in managing their business and offering new services. Besides switching out a CAS/DRM vendor for any number of reasons, enabling the ability to add applications supporting new CAS/DRM vendors in fielded CE devices can result in generating significantly higher content sale revenues without requiring consumers to upgrade their CE devices. Consumer savings are realized by extending the field life of the CE device by allowing the consumer to download new software images to enable the purchase of new content services without having to replace their fielded CE devices.
- Extending Fixed Secrets with Key Derivation: key derivation can be used to extend the fixed secret S1 shown in FIGS. 5A and 5B. Either of the encrypted pairing keys E_S1[K_p], E_S2[K_p] is decrypted with secrets S1 and S2, respectively, to produce the pairing key K_p that is used to decrypt the ECW shown in FIG. 4C.
- the extension provides the ability to: (1) use derived root keys to produce S1 and, alternately or in addition, use such root keys to produce S2, and (2) use this derivation process as a means of renewing key material for a fielded system.
- hardware root of trust values can provide the basis for security providers such as the pairing broker 304 and/or one or more of the broadcasters 102 to derive a plurality of different security keys.
- Such keys can be used to add new security procedures or modify procedures already implemented. This can be accomplished, for example, by altering the key generation inputs based on security provider software (CAS or DRM) and possibly vendor-unique hardware root of trust values.
- the key generation inputs can be provided in the CAS and DRM application software that could be loaded into consumer electronics (CE) devices such as the transport module 202 or CAM 206 when the devices are manufactured, or remotely downloaded over the air for a fielded CE device. This permits cryptographic separation of the CE devices at both S1 and S2.
- Such hardware root of trust values can include one-time-programmable (OTP) values programmed into the transport module 202 and/or CAM 206 using, for example, black box techniques also described in U.S. Patent Publication No. 2017/0012952.
- OTP values may be held secret from other entities as necessary.
- the pairing broker 304 or third party security provider may provide a black box to the broadcaster 102 or manufacturer of the STB, permitting the storage of an OTP value without disclosing that value to the security provider or broadcaster.
- Another advantage of using a derived key database is that the black box programmed OTP key secrets programmed into the SoC OTP may be held secret from (do not have to be released to) the CAS or DRM security provider, since these security providers would use the OTP key secrets to derive the keys required for their content protection system. This permits supporting multiple security provider vendors. Further, if a database of derived keys were compromised, this compromise only affects the specific CAS/DRM security provider that was using that specific derived key database, and would not affect the fielded CE devices or derived key databases of any other such CAS/DRM security provider. This allows S1 (and/or S2) to be updated in the event of an attack that compromises the database of keys.
- FIG. 7 is a diagram illustrating an exemplary embodiment of the transport module 202 and the CAM 206, wherein the transport module 202 includes a hardware root of trust value OTP1 702A and/or the CAM 206 has another hardware root of trust value OTP2 702B, thus permitting at least one of the first information S1 and second information S2 to be derived from a hardware root of trust secret stored in at least one of the transport module 202 and the CAM 206.
- the transport module 202 has a SoC with a processor that can perform processor instructions 704A.
- the processor has access to OTP1 702 and can use deriving information such as the processor instructions 704A to derive or generate the first value S1 via one or more operations 708A.
- the CAM 206 comprises a SoC with a processor that can perform processor instructions 704B.
- the processor has access to OTP1 702 and can use the processor instructions 704A to generate the first value S1 via one or more operations 708B.
- the transport module 202 may also store one or more further hardware root of trust values OTP1 706A1 and OTP2 706A2 that can also be used as deriving information to generate the first value S1.
- OTP1 706A1 and OTP2 706A2 are security provider-unique, with each allocated to different security providers, allowing the transport module 202 to support CAS/DRM procedures of multiple security providers, allowing each such security provider to use their own OTP value 706A to generate first information S1.
- security providers may be provided multiple OTP values as well.
- the CAM 206 may also store one or more further hardware root of trust values OTP1 706B1 and OTP2 706B2 that can also be used to generate the second value S2.
- OTP1 706B1 and OTP2 706B2 may be allocated to the same security provider, or different security providers, allowing the CAM 206 to support CAS/DRM procedures of multiple security providers.
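One way to picture the derivation and the per-provider derived key databases described above (added example, not the patent's implementation): the OTP root is the key, and the CA ID, the vendor software input and an optional vendor-unique OTP value are the data. HMAC-SHA256 stands in for the AES/DES/Triple DES operations the text names; the function names, device IDs, CA ID values and input strings are constructed.

```python
import hashlib
import hmac


def derive_secret(otp_root: bytes, ca_id: int, sw_input: bytes,
                  vendor_otp: bytes = b"", length: int = 16) -> bytes:
    """Derive a provider-specific secret (an S1 or S2 value) from a hardware root.

    otp_root   black-box programmed OTP secret, used as the key
    ca_id      conditional access identifier, treated here as 16 bits (assumption)
    sw_input   key generation input carried in the CAS/DRM application
    vendor_otp optional vendor-unique OTP value, also fed in as data
    """
    if len(otp_root) < 16:
        raise ValueError("OTP root secret must be at least 128 bits")
    if not 0 <= ca_id <= 0xFFFF:
        raise ValueError("CA ID out of range")
    if not 1 <= length <= 32:
        raise ValueError("length must be 1..32 bytes")
    # Length-prefix every field so that different field splits never
    # serialize to the same byte string.
    fields = (ca_id.to_bytes(2, "big"), sw_input, vendor_otp)
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    # Stand-in PRF (assumption): HMAC-SHA256 keyed with the OTP root.
    return hmac.new(otp_root, data, hashlib.sha256).digest()[:length]


def build_derived_key_db(otp_by_device: dict, ca_id: int, sw_input: bytes) -> dict:
    """What one CAS/DRM vendor receives: derived keys only, never the OTP roots."""
    return {dev: derive_secret(otp, ca_id, sw_input)
            for dev, otp in otp_by_device.items()}


# Constructed sample data: two devices and two conditional access systems.
OTP_BY_DEVICE = {
    "stb-0001": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "stb-0002": bytes.fromhex("ffeeddccbbaa99887766554433221100"),
}
CAS1_ID, CAS2_ID = 0x0001, 0x0002


def demo() -> dict:
    db_cas1 = build_derived_key_db(OTP_BY_DEVICE, CAS1_ID, b"cas1-app-v1")
    db_cas2 = build_derived_key_db(OTP_BY_DEVICE, CAS2_ID, b"cas2-app-v1")

    # The fielded device recomputes its own entry from its OTP root and the
    # inputs shipped in the CAS1 application; nothing else is stored on it.
    on_device = derive_secret(OTP_BY_DEVICE["stb-0001"], CAS1_ID, b"cas1-app-v1")

    # Renewal after a compromise of db_cas1: a new software input is downloaded
    # and every CAS1 key changes, while the OTP roots stay as programmed.
    db_cas1_renewed = build_derived_key_db(OTP_BY_DEVICE, CAS1_ID, b"cas1-app-v2")

    return {
        "device_matches_db": hmac.compare_digest(on_device, db_cas1["stb-0001"]),
        "providers_separated": all(db_cas1[d] != db_cas2[d] for d in OTP_BY_DEVICE),
        "renewed_differs": all(db_cas1[d] != db_cas1_renewed[d] for d in OTP_BY_DEVICE),
    }
```
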
- FIG. 8 illustrates an exemplary computer system 800 that could be used to implement the servers or the subscriber computer 512 of the present invention.
- the computer 802 comprises a processor 804 and a memory, such as random access memory (RAM) 806.
- the computer 802 is operatively coupled to a display 822, which presents images such as windows to the user on a graphical user interface 818B.
- the computer system 802 may be coupled to other devices, such as a keyboard 814, a mouse device 816, a printer, etc.
- the computer 802 operates under control of an operating system 808 stored in the memory 806, and interfaces with the user to accept inputs and commands and to present results through a graphical user interface (GUI) module 818A.
- the instructions performing the GUI functions can be resident or distributed in the operating system 808, the computer program 810, or implemented with special purpose memory and processors.
- the computer 802 also implements a compiler 812 which allows an application program 810 written in a programming language such as COBOL, C++, FORTRAN, or other language to be translated into processor 804 readable code.
- the application 810 accesses and manipulates data stored in the memory 806 of the computer 802 using the relationships and logic that were generated using the compiler 812.
- the computer 802 also optionally comprises an external communication device such as a modem, satellite link, Ethernet card, or other device for communicating with other computers.
- instructions implementing the operating system 808, the computer program 810, and the compiler 812 are tangibly embodied in a computer-readable medium, e.g., data storage device 820, which could include one or more fixed or removable data storage devices, such as a zip drive, floppy disc drive 824, hard drive, CD-ROM drive, tape drive, etc.
- the operating system 808 and the computer program 810 are comprised of instructions which, when read and executed by the computer 802, cause the computer 802 to perform the steps necessary to implement and/or use the present invention.
- Computer program 810 and/or operating instructions may also be tangibly embodied in memory 806 and/or data communications devices 830, thereby making a computer program product or article of manufacture according to the invention.
- the terms “article of manufacture,” “program storage device” and “computer program product” as used herein are intended to encompass a computer program accessible from any computer readable device or media.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/652,082 US10477151B2 (en) | 2004-10-18 | 2017-07-17 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
PCT/US2018/042542 WO2019018431A1 (en) | 2017-07-17 | 2018-07-17 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
US16/670,957 US20200068175A1 (en) | 2004-10-18 | 2019-10-31 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
US16/670,912 US20200068174A1 (en) | 2004-10-18 | 2019-10-31 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US61966304P | 2004-10-18 | 2004-10-18 | |
PCT/US2005/037197 WO2006044765A2 (en) | 2004-10-18 | 2005-10-18 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
US79527207A | 2007-07-13 | 2007-07-13 | |
US13/541,492 US9014375B2 (en) | 2004-10-18 | 2012-07-03 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
US14/692,500 US9712786B2 (en) | 2004-10-18 | 2015-04-21 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
US201762446196P | 2017-01-13 | 2017-01-13 | |
US15/652,082 US10477151B2 (en) | 2004-10-18 | 2017-07-17 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/692,500 Continuation-In-Part US9712786B2 (en) | 2004-10-18 | 2015-04-21 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
Related Child Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/670,912 Continuation US20200068174A1 (en) | 2004-10-18 | 2019-10-31 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
US16/670,957 Continuation US20200068175A1 (en) | 2004-10-18 | 2019-10-31 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
Publications (2)
Publication Number | Publication Date |
---|---|
US20170318263A1 | 2017-11-02 |
US10477151B2 | 2019-11-12 |
Family
ID=60159195
Family Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/652,082 Expired - Fee Related US10477151B2 (en) | 2004-10-18 | 2017-07-17 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
US16/670,912 Abandoned US20200068174A1 (en) | 2004-10-18 | 2019-10-31 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
US16/670,957 Abandoned US20200068175A1 (en) | 2004-10-18 | 2019-10-31 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
Family Applications After (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/670,912 Abandoned US20200068174A1 (en) | 2004-10-18 | 2019-10-31 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
US16/670,957 Abandoned US20200068175A1 (en) | 2004-10-18 | 2019-10-31 | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system |
Country Status (1)
Country | Link |
---|---|
US (3) | US10477151B2 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10348501B2 (en) * | 2015-07-10 | 2019-07-09 | Inside Secure | Method and apparatus for a blackbox programming system permitting downloadable applications and multiple security profiles providing hardware separation of services in hardware constrained devices |
WO2021051002A1 (en) * | 2019-09-12 | 2021-03-18 | Intertrust Technologies Corporation | Dynamic broadcast content access management systems and methods |
Citations (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4757534A (en) | 1984-12-18 | 1988-07-12 | International Business Machines Corporation | Code protection using cryptography |
US5790663A (en) | 1996-03-28 | 1998-08-04 | Advanced Micro Devices, Inc. | Method and apparatus for software access to a microprocessor serial number |
US5940504A (en) | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
WO1999043120A1 (en) | 1998-02-20 | 1999-08-26 | Digital Video Express, L.P. | Information access control system and method |
WO1999053689A1 (en) | 1998-04-15 | 1999-10-21 | Digital Video Express, L.P. | Conditional access via secure logging with simplified key management |
US6240401B1 (en) | 1998-06-05 | 2001-05-29 | Digital Video Express, L.P. | System and method for movie transaction processing |
US6243468B1 (en) | 1998-04-29 | 2001-06-05 | Microsoft Corporation | Software anti-piracy system that adapts to hardware upgrades |
US6285774B1 (en) | 1998-06-08 | 2001-09-04 | Digital Video Express, L.P. | System and methodology for tracing to a source of unauthorized copying of prerecorded proprietary material, such as movies |
WO2002001333A2 (en) | 2000-06-27 | 2002-01-03 | Microsoft Corporation | System and method for providing an individualized secure repository |
US20020018568A1 (en) | 2000-08-03 | 2002-02-14 | Weaver J. Dewey | Method and system for encrypting and storing content to a user |
US20020021805A1 (en) | 1999-01-06 | 2002-02-21 | Schumann Robert Wilhelm | Digital content distribution system and method |
US6393128B1 (en) | 1998-09-01 | 2002-05-21 | Mindport B. V. | System for broadcasting data signals in a secure manner |
US20020067914A1 (en) | 2000-01-05 | 2002-06-06 | Schumann Robert Wilhelm | Content packet distribution system |
US20020094084A1 (en) | 1995-12-04 | 2002-07-18 | Wasilewski Anthony Hj. | Method and apparatus for providing conditional access in connection-oriented interactive networks with a multiplicity of service providers |
US20030026433A1 (en) | 2001-07-31 | 2003-02-06 | Matt Brian J. | Method and apparatus for cryptographic key establishment using an identity based symmetric keying technique |
US20030046568A1 (en) | 2001-09-06 | 2003-03-06 | Riddick Christopher J. | Media protection system and method and hardware decryption module used therein |
US20030061477A1 (en) | 2001-09-21 | 2003-03-27 | Kahn Raynold M. | Method and apparatus for encrypting media programs for later purchase and viewing |
US6550011B1 (en) | 1998-08-05 | 2003-04-15 | Hewlett Packard Development Company, L.P. | Media content protection utilizing public key cryptography |
US20030188164A1 (en) | 2002-03-27 | 2003-10-02 | General Instrument Corporation | Smart card mating protocol |
US20040010717A1 (en) | 2002-01-29 | 2004-01-15 | Intertainer Asia Pte Ltd. | Apparatus and method for preventing digital media piracy |
US6681212B1 (en) | 1999-04-23 | 2004-01-20 | Nianning Zeng | Internet-based automated system and a method for software copyright protection and sales |
US20040034582A1 (en) | 2001-01-17 | 2004-02-19 | Contentguard Holding, Inc. | System and method for supplying and managing usage rights based on rules |
US20040039704A1 (en) | 2001-01-17 | 2004-02-26 | Contentguard Holdings, Inc. | System and method for supplying and managing usage rights of users and suppliers of items |
US20040044891A1 (en) | 2002-09-04 | 2004-03-04 | Secure Computing Corporation | System and method for secure group communications |
US20040078575A1 (en) | 2002-01-29 | 2004-04-22 | Morten Glenn A. | Method and system for end to end securing of content for video on demand |
US20040107356A1 (en) | 1999-03-16 | 2004-06-03 | Intertrust Technologies Corp. | Methods and apparatus for persistent control and protection of content |
US20040133803A1 (en) | 1999-05-05 | 2004-07-08 | Rabin Michael O. | Methods and apparatus for protecting information |
US20040184616A1 (en) | 2003-03-18 | 2004-09-23 | Widevine Technologies, Inc. | System, method, and apparatus for securely providing content viewable on a secure device |
US20050005098A1 (en) | 2003-04-08 | 2005-01-06 | Olivier Michaelis | Associating software with hardware using cryptography |
EP1555822A1 (en) | 2004-01-16 | 2005-07-20 | The Directv Group, Inc. | Distribution of video content using client to host pairing of integrated receivers/decoders |
US20050172122A1 (en) | 2004-02-03 | 2005-08-04 | Hank Risan | Method and system for controlling presentation of computer readable media on a media storage device |
US6931545B1 (en) | 2000-08-28 | 2005-08-16 | Contentguard Holdings, Inc. | Systems and methods for integrity certification and verification of content consumption environments |
EP1575291A2 (en) | 2004-01-16 | 2005-09-14 | The Direct TV Group, Inc | Distribution of video content using a trusted network key for sharing content |
EP1585329A2 (en) | 2004-01-16 | 2005-10-12 | The Directv Group, Inc. | Distribution of broadcast content for remote decryption and viewing |
US6957344B1 (en) | 1999-07-09 | 2005-10-18 | Digital Video Express, L.P. | Manufacturing trusted devices |
US20050278257A1 (en) | 2004-06-10 | 2005-12-15 | Barr David A | Content security system for screening applications |
US20060010500A1 (en) | 2004-02-03 | 2006-01-12 | Gidon Elazar | Protection of digital data content |
US20060143481A1 (en) | 2003-03-18 | 2006-06-29 | Widevine Technologies, Inc. | System, method, and apparatus for securely providing content viewable on a secure device |
US20060159303A1 (en) | 1993-11-18 | 2006-07-20 | Davis Bruce L | Integrating digital watermarks in multimedia content |
US20060239503A1 (en) | 2005-04-26 | 2006-10-26 | Verance Corporation | System reactions to the detection of embedded watermarks in a digital host content |
US7174512B2 (en) | 2000-12-01 | 2007-02-06 | Thomson Licensing S.A. | Portal for a communications system |
US20070033419A1 (en) | 2003-07-07 | 2007-02-08 | Cryptography Research, Inc. | Reprogrammable security for controlling piracy and enabling interactive content |
US7295681B2 (en) | 2005-01-27 | 2007-11-13 | Sarnoff Corporation | Method and apparatus for providing improved workflow for digital watermarking |
US7376233B2 (en) | 2002-01-02 | 2008-05-20 | Sony Corporation | Video slice and active region based multiple partial encryption |
US7565546B2 (en) * | 1999-03-30 | 2009-07-21 | Sony Corporation | System, method and apparatus for secure digital content transmission |
US7684409B2 (en) | 2004-06-10 | 2010-03-23 | The Directv Group, Inc. | Efficient message delivery in a multi-channel uni-directional communications system |
US7797552B2 (en) * | 2001-09-21 | 2010-09-14 | The Directv Group, Inc. | Method and apparatus for controlling paired operation of a conditional access module and an integrated receiver and decoder |
US20150113278A1 (en) | 2012-03-02 | 2015-04-23 | Syphermedia International, Inc. | Blackbox security provider programming system permitting multiple customer use and in field conditional access switching |
US20170012952A1 (en) | 2015-07-10 | 2017-01-12 | Syphermedia International, Inc. | Method and apparatus for a blackbox programming system permitting downloadable applications and multiple security profiles providing hardware separation of services in hardware constrained devices |
Patent Citations (59)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4757534A (en) | 1984-12-18 | 1988-07-12 | International Business Machines Corporation | Code protection using cryptography |
US5940504A (en) | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
US20060159303A1 (en) | 1993-11-18 | 2006-07-20 | Davis Bruce L | Integrating digital watermarks in multimedia content |
US20020094084A1 (en) | 1995-12-04 | 2002-07-18 | Wasilewski Anthony Hj. | Method and apparatus for providing conditional access in connection-oriented interactive networks with a multiplicity of service providers |
US5790663A (en) | 1996-03-28 | 1998-08-04 | Advanced Micro Devices, Inc. | Method and apparatus for software access to a microprocessor serial number |
WO1999043120A1 (en) | 1998-02-20 | 1999-08-26 | Digital Video Express, L.P. | Information access control system and method |
WO1999053689A1 (en) | 1998-04-15 | 1999-10-21 | Digital Video Express, L.P. | Conditional access via secure logging with simplified key management |
US6243468B1 (en) | 1998-04-29 | 2001-06-05 | Microsoft Corporation | Software anti-piracy system that adapts to hardware upgrades |
US6240401B1 (en) | 1998-06-05 | 2001-05-29 | Digital Video Express, L.P. | System and method for movie transaction processing |
US6285774B1 (en) | 1998-06-08 | 2001-09-04 | Digital Video Express, L.P. | System and methodology for tracing to a source of unauthorized copying of prerecorded proprietary material, such as movies |
US6550011B1 (en) | 1998-08-05 | 2003-04-15 | Hewlett Packard Development Company, L.P. | Media content protection utilizing public key cryptography |
US6393128B1 (en) | 1998-09-01 | 2002-05-21 | Mindport B. V. | System for broadcasting data signals in a secure manner |
US20020021805A1 (en) | 1999-01-06 | 2002-02-21 | Schumann Robert Wilhelm | Digital content distribution system and method |
US20040107356A1 (en) | 1999-03-16 | 2004-06-03 | Intertrust Technologies Corp. | Methods and apparatus for persistent control and protection of content |
US7565546B2 (en) * | 1999-03-30 | 2009-07-21 | Sony Corporation | System, method and apparatus for secure digital content transmission |
US6681212B1 (en) | 1999-04-23 | 2004-01-20 | Nianning Zeng | Internet-based automated system and a method for software copyright protection and sales |
US20040133803A1 (en) | 1999-05-05 | 2004-07-08 | Rabin Michael O. | Methods and apparatus for protecting information |
US20060005253A1 (en) | 1999-07-09 | 2006-01-05 | Goldshlag David M | Manufacturing trusted devices |
US6957344B1 (en) | 1999-07-09 | 2005-10-18 | Digital Video Express, L.P. | Manufacturing trusted devices |
US20020067914A1 (en) | 2000-01-05 | 2002-06-06 | Schumann Robert Wilhelm | Content packet distribution system |
WO2002001333A2 (en) | 2000-06-27 | 2002-01-03 | Microsoft Corporation | System and method for providing an individualized secure repository |
US20020018568A1 (en) | 2000-08-03 | 2002-02-14 | Weaver J. Dewey | Method and system for encrypting and storing content to a user |
US6931545B1 (en) | 2000-08-28 | 2005-08-16 | Contentguard Holdings, Inc. | Systems and methods for integrity certification and verification of content consumption environments |
US7174512B2 (en) | 2000-12-01 | 2007-02-06 | Thomson Licensing S.A. | Portal for a communications system |
US20040034582A1 (en) | 2001-01-17 | 2004-02-19 | Contentguard Holding, Inc. | System and method for supplying and managing usage rights based on rules |
US20040039704A1 (en) | 2001-01-17 | 2004-02-26 | Contentguard Holdings, Inc. | System and method for supplying and managing usage rights of users and suppliers of items |
US20030026433A1 (en) | 2001-07-31 | 2003-02-06 | Matt Brian J. | Method and apparatus for cryptographic key establishment using an identity based symmetric keying technique |
US20030046568A1 (en) | 2001-09-06 | 2003-03-06 | Riddick Christopher J. | Media protection system and method and hardware decryption module used therein |
US20080279386A1 (en) | 2001-09-21 | 2008-11-13 | The Directv Group, Inc. | Method and apparatus for encrypting media programs for later purchase and viewing |
US20030061477A1 (en) | 2001-09-21 | 2003-03-27 | Kahn Raynold M. | Method and apparatus for encrypting media programs for later purchase and viewing |
US7797552B2 (en) * | 2001-09-21 | 2010-09-14 | The Directv Group, Inc. | Method and apparatus for controlling paired operation of a conditional access module and an integrated receiver and decoder |
US7409562B2 (en) * | 2001-09-21 | 2008-08-05 | The Directv Group, Inc. | Method and apparatus for encrypting media programs for later purchase and viewing |
US7376233B2 (en) | 2002-01-02 | 2008-05-20 | Sony Corporation | Video slice and active region based multiple partial encryption |
US20040078575A1 (en) | 2002-01-29 | 2004-04-22 | Morten Glenn A. | Method and system for end to end securing of content for video on demand |
US20040010717A1 (en) | 2002-01-29 | 2004-01-15 | Intertainer Asia Pte Ltd. | Apparatus and method for preventing digital media piracy |
US7328345B2 (en) | 2002-01-29 | 2008-02-05 | Widevine Technologies, Inc. | Method and system for end to end securing of content for video on demand |
US20030188164A1 (en) | 2002-03-27 | 2003-10-02 | General Instrument Corporation | Smart card mating protocol |
US20040044891A1 (en) | 2002-09-04 | 2004-03-04 | Secure Computing Corporation | System and method for secure group communications |
US20040184616A1 (en) | 2003-03-18 | 2004-09-23 | Widevine Technologies, Inc. | System, method, and apparatus for securely providing content viewable on a secure device |
US7007170B2 (en) | 2003-03-18 | 2006-02-28 | Widevine Technologies, Inc. | System, method, and apparatus for securely providing content viewable on a secure device |
US20060101287A1 (en) | 2003-03-18 | 2006-05-11 | Widevine Technologies, Inc. | System, method, and apparatus for securely providing content viewable on a secure device |
US20060143481A1 (en) | 2003-03-18 | 2006-06-29 | Widevine Technologies, Inc. | System, method, and apparatus for securely providing content viewable on a secure device |
US7356143B2 (en) | 2003-03-18 | 2008-04-08 | Widevine Technologies, Inc | System, method, and apparatus for securely providing content viewable on a secure device |
US20050005098A1 (en) | 2003-04-08 | 2005-01-06 | Olivier Michaelis | Associating software with hardware using cryptography |
US20070033419A1 (en) | 2003-07-07 | 2007-02-08 | Cryptography Research, Inc. | Reprogrammable security for controlling piracy and enabling interactive content |
US7548624B2 (en) | 2004-01-16 | 2009-06-16 | The Directv Group, Inc. | Distribution of broadcast content for remote decryption and viewing |
US7580523B2 (en) | 2004-01-16 | 2009-08-25 | The Directv Group, Inc. | Distribution of video content using client to host pairing of integrated receivers/decoders |
EP1555822A1 (en) | 2004-01-16 | 2005-07-20 | The Directv Group, Inc. | Distribution of video content using client to host pairing of integrated receivers/decoders |
US7599494B2 (en) | 2004-01-16 | 2009-10-06 | The Directv Group, Inc. | Distribution of video content using a trusted network key for sharing content |
EP1585329A2 (en) | 2004-01-16 | 2005-10-12 | The Directv Group, Inc. | Distribution of broadcast content for remote decryption and viewing |
EP1575291A2 (en) | 2004-01-16 | 2005-09-14 | The Direct TV Group, Inc | Distribution of video content using a trusted network key for sharing content |
US20060010500A1 (en) | 2004-02-03 | 2006-01-12 | Gidon Elazar | Protection of digital data content |
US20050172122A1 (en) | 2004-02-03 | 2005-08-04 | Hank Risan | Method and system for controlling presentation of computer readable media on a media storage device |
US20050278257A1 (en) | 2004-06-10 | 2005-12-15 | Barr David A | Content security system for screening applications |
US7684409B2 (en) | 2004-06-10 | 2010-03-23 | The Directv Group, Inc. | Efficient message delivery in a multi-channel uni-directional communications system |
US7295681B2 (en) | 2005-01-27 | 2007-11-13 | Sarnoff Corporation | Method and apparatus for providing improved workflow for digital watermarking |
US20060239503A1 (en) | 2005-04-26 | 2006-10-26 | Verance Corporation | System reactions to the detection of embedded watermarks in a digital host content |
US20150113278A1 (en) | 2012-03-02 | 2015-04-23 | Syphermedia International, Inc. | Blackbox security provider programming system permitting multiple customer use and in field conditional access switching |
US20170012952A1 (en) | 2015-07-10 | 2017-01-12 | Syphermedia International, Inc. | Method and apparatus for a blackbox programming system permitting downloadable applications and multiple security profiles providing hardware separation of services in hardware constrained devices |
Non-Patent Citations (9)
Title |
---|
Cinea press release "Cinea, Inc. to Provide IFE Key Management Services for Universal Pictures and Twentieth Century Fox" Sep. 9, 2003. |
Digital lifestyles Magazine Article "Secure DVD Players for BAFTA Judges", Aug. 31, 2004. |
EP Further Examination Report (contained in a Summons to attend oral proceedings) dated Feb. 28, 2014 for European Application No. 05811812.6. |
EP Office Action dated Jan. 13, 2011, Application No. 05811812.6. |
Jean-Luc Giachetti; A Common Conditional Access Interface for Digital Video Broadcasting Decoders ; IEEE Transactions on Consumer Electronics, vol. 41, No. 3, Aug. 1995; p. 836-841 (Year: 1995). * |
ORM Watch Magazine Article "Cinea DRM for DVDs Endorsed for Oscar Screeners", Jul. 8, 2004. |
PCT International Search Report & Written Opinion dated Sep. 26, 2018 for PCT Application No. PCT/US2018/042542. |
PCT/US2005/037197 International Search Report and Written Opinion. |
Response to EP Office Action dated Jan. 13, 2011. |
Also Published As
Publication number | Publication date |
---|---|
US20170318263A1 (en) | 2017-11-02 |
US20200068174A1 (en) | 2020-02-27 |
US20200068175A1 (en) | 2020-02-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9712786B2 (en) | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system | |
KR100641218B1 (en) | Conditional access broadcasting system for terrestrial digital multimedia broadcasting and method thereof | |
US6738905B1 (en) | Conditional access via secure logging with simplified key management | |
US6055314A (en) | System and method for secure purchase and delivery of video content programs | |
KR100629413B1 (en) | Smartcard for use with a receiver of encrypted broadcast signal, and receiver | |
US7970138B2 (en) | Method and apparatus for supporting broadcast efficiency and security enhancements | |
EP2066127B1 (en) | A method, apparatus and system to manage access to program content | |
US20070201695A1 (en) | Pay per minute for DVB-H services | |
JP2008547312A (en) | Multimedia access device registration system and method | |
JP2001519629A (en) | Method and apparatus for transmitting an encrypted data stream | |
CN1550100A (en) | CA system for using multiple cipher key broadcasting DTV to different service supply merchants and service areas | |
JP2005341606A (en) | Authorization of services in conditional access system | |
EP1903799B1 (en) | A method for realizing preview of iptv programs, an encryption apparatus, a right center system and a user terminal | |
US20200068175A1 (en) | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system | |
TWI523534B (en) | Method for transmitting and receiving a multimedia content | |
JP2007501556A (en) | Copy protection application in digital broadcasting system | |
CN101442660B (en) | System for receiving download type digital television condition and dynamic download method thereof | |
WO2019018431A1 (en) | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system | |
US20060059506A1 (en) | Conditional access system for digital television content based on prepayment and optimisation of the bandwidth of the channel broadcasting said content | |
US20220385987A1 (en) | Multimedia content secure access | |
WO2009075535A2 (en) | Prepaid broadcasting receiver and subscriber management system and method thereof in digital multimedia broadcasting service | |
Yang et al. | Authentication scheme and simplified CAS in mobile multimedia broadcast | |
KR101240659B1 (en) | Cas system and method for digital broadcating receiver |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: SYPHERMEDIA INTERNATIONAL, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:COCCHI, RONALD P.;GAGNON, GREGORY J.;FLAHARTY, DENNIS R.;AND OTHERS;SIGNING DATES FROM 20171005 TO 20171009;REEL/FRAME:044993/0028 |
| AS | Assignment | Owner name: INSIDE SECURE S.A., FRANCE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SYPHERMEDIA INTERNATIONAL, INC.;REEL/FRAME:045053/0301 Effective date: 20180123 |
| FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
| AS | Assignment | Owner name: GLAS SAS, AS SECURITY AGENT, FRANCE Free format text: SECURITY INTEREST;ASSIGNOR:INSIDE SECURE;REEL/FRAME:048449/0887 Effective date: 20190227 |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
| STPP | Information on status: patent application and granting procedure in general | Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED |
| AS | Assignment | Owner name: VERIMATRIX, FRANCE Free format text: CHANGE OF NAME;ASSIGNOR:INSIDE SECURE;REEL/FRAME:050647/0428 Effective date: 20190624 |
| AS | Assignment | Owner name: VERIMATRIX, FRANCE Free format text: CHANGE OF ADDRESS;ASSIGNOR:VERIMATRIX;REEL/FRAME:050733/0003 Effective date: 20190930 |
| STCF | Information on status: patent grant | Free format text: PATENTED CASE |
| AS | Assignment | Owner name: INSIDE SECURE, FRANCE Free format text: PARTIAL RELEASE OF SECURITY INTEREST IN PATENT COLLATERAL;ASSIGNOR:GLAS SAS, AS AGENT;REEL/FRAME:051076/0306 Effective date: 20191112 |
| AS | Assignment | Owner name: RAMBUS INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:VERIMATRIX;REEL/FRAME:051262/0413 Effective date: 20191113 |
| FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
| LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
| STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
| FP | Lapsed due to failure to pay maintenance fee | Effective date: 20231112 |